Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 24. July 2007., 19:09:15 »

- Comon Removal method:

1. Check your AntiVirus (which one is, is it updated and did you make full scan of your PC (after update).

2. If you can't clean worm with this way, reinstal your AV and download & instal one off this AV: McAfee or Kaspersky (here at SCForum.info we provide you link to latest downloads, just check right section) and go again at step 1.

3. Don't forget to turn off System Restore at your PC.


***If you, after this all steps still have problem with this Malware go and post Your problem in Our HELP section, direct link is in my Signature (right belowe this post).***
Posted by: Amker
« on: 16. June 2007., 15:19:33 »

This detection is for a worm that spreads by copying ittself to removable media.  It is also capable of send system information form the victim's machine to a remote email address.
Characteristics -


When W32/USBCasv is executed it copies itself to the following folder locations:
%Temp%\s.exe
%SysDir%\odbcasvc.exe

 

The worm isntalls itself as a Service named 'ODBC Administration Service'  by creating the following registry keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odbcasvc "DisplayName" = ODBC Administration Service
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\odbcasvc "ImagePath" = C:%SysDir%\odbcasvc.EXE

 

The worm contains it's own SMTP engine and therefore is capable of mailing out information about the infected system or user details without the need of a email client such as MS Outlook.
Symptoms -

Presence of the file and registry keys created as mentioned in the characteristics.
Method of Infection -

The worm spreads by copying itself  as INFO.EXE in a created folder called Recycled on to all removable drives :

A corresponding file AUTORUN.INF is dropped onto the victim's system and contains the following:

[autorun]
open=.\recycled\info.exe
shell\1=äŻŔŔ
shell\1\Command=.\recycled\info.exe
shellexecute=.\recycled\info.exe
Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

McAfee
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising